Rockefeller, Lead Senate Player on Cyber, Seeks To Win Over Business

Rockefellers was one of four cosponsors last year on a Senate cybersecurity bill—the Cybersecurity Act of 2012—that ultimately was rejected by Republicans, business groups, and privacy advocates.
//
Tyler Evert/AP

A week after President Obama unveiled an executive order aimed at protecting the country from cyberattacks, attention is turning to Congress, where Sen. Jay Rockefeller, D-W.Va., is taking the lead on crafting broad legislation to fight cybercrimes and combat threats to critical infrastructure such as power grids and water supplies.

Late last month, Rockefeller introduced a bill laying out areas of focus for proposed cyber-related legislation. Among the priorities it identifies: better training for America's cyberwarriors, protections against online identity theft and crime, and, most important, building out a system for public-private information sharing that isn't too controversial.

Rockefeller, chairman of the Senate Commerce Committee, has long championed of such a measure. He was one of four cosponsors last year on a Senate cybersecurity bill—the Cybersecurity Act of 2012—that ultimately was rejected by Republicans, business groups, and privacy advocates. Rockefeller was so frustrated by the legislative defeat that he began writing letters to Fortune 500 CEOs, asking them to describe their companies' state of cyberattack readiness.

Six other Democrats have already signed on to Rockefeller's cause this year: Thomas Carper and Christopher Coons of Delaware; Dianne Feinstein of California; Carl Levin of Michigan; Barbara Mikulski of Maryland; and Sheldon Whitehouse of Rhode Island. Of those, only Carper and Feinstein had had close involvement on the previous year's bill—a sign of how quickly cyber has expanded as a federal priority in just a matter of months. Levin chairs the powerful Senate Armed Services Committee. Together with Feinstein, who heads the Senate Intelligence Committee, expect Levin to play an outsized role in crafting the law. Coons told Politico this week that he expects to hold hearings on Obama's executive order before the end of March.

Sen. Joe Lieberman, ID-Conn., a lead player in last year's effort to pass a broad bill on cybersecurity, retired from his job last year. Another key player in the 2012 effort, Sen. Susan Collins, R-Maine, no longer sits on the Senate Homeland Security Committee.

The bill that Lieberman and Collins proposed last year was pilloried by civil-liberties watchdogs like the San Francisco-based Electronic Frontier Foundation, which argued its language was far too broad and opened the door to potential abuse of consumer information. Critics of the Lieberman-Collins legislation disliked provisions that put spy agencies in the lead on cybersecurity. Changes made to the bill in mid-July gave a greater role to civilian agencies, helping to ease some of those criticisms, but the bill still failed to clear the Senate.

Privacy and corporate-liability protections are likely to be among the most contentious issues this year, as they were in the fight over the 2012 legislation. In the House, Intelligence Committee Chairman Mike Rogers, R-Mich., and ranking Democrat Dutch Ruppersberger of Maryland have introduced a cybersecurity bill that mirrors last year's House bill—a version that drew fire from the American Civil Liberties Union, Reporters Without Borders, and even Tim Berners-Lee, the Briton widely credited with inventing the Internet.

Lawmakers, White House officials, and outside groups believe they can overcome some of last year's obstacles. When asked what they’ve learned from the previous effort to push bipartisan legislation through Congress, administration officials said they are stepping up their efforts to reach out to businesses and other players. There is pressure on both sides to forge a deal, said Patrick Gallagher, director of the National Institute of Standards and Technology.

“Tension and debate in legislation,” Gallagher told a Washington think-tank audience Friday, “can actually create a strong headwind on ongoing activities. Even a technical-standards discussion suddenly gets distorted when the intent of that effort gets called into question in debates about legislation.”

FROM OUR SPONSORS

sponsored

JOIN THE DISCUSSION

By using this service you agree not to post material that is obscene, harassing, defamatory, or
otherwise objectionable. Although Nextgov does not monitor comments posted to this site (and has
no obligation to), it reserves the right to delete, edit, or move any material that it deems to
be in violation of this rule.

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

Data-Centric Security vs. Database-Level Security

Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.